Setting up outgoing email to use TLS and port 465
The web interface does not allow the admin to specify a port (nor set up TLS security) for outgoing email. Outgoing email uses port 25 by default. Many ISPs block that outgoing port. You can still use Google mail if you configure the port manually to 465 and the connection to use TLS security. The username and mail server information can and should be set via the web interface at Maintenance->Log page and under Report config. The configuration is in the file /etc/msmtprc, but a reboot (or changing any mail server parameters) will overwrite the file and lose all our changes. We can use cron from the Tweaks zypkg http://zyxel.nas-central.org/wiki/3rd_p ... kgs#Tweaks to counter that as described below. NSA uses msmtp http://msmtp.sourceforge.net/ as the mail client.
Steps:
Log in as root via telnet.
Add the following script to a file, for example to /i-data/md0/admin/enable_emailTLS.sh
Code:
#!/bin/sh
cat <<EOF | cat - /etc/msmtprc > /etc/msmtprc.tmp; mv /etc/msmtprc.tmp /etc/msmtprc; chmod 0600 /etc/msmtprc
defaults
port 465
tls on
tls_starttls off
tls_certcheck off
EOF
Change file permissions for the script
Code:
chmod u+x /i-data/md0/admin/enable_emailTLS.sh
Code:
@reboot /i-data/md0/admin/enable_emailTLS.sh
An easy way to test is to go to the Maintenance->Log page and under Report config->Report setting activate email alert. Now if you try to log in to the web interface with a wrong username/password it will be logged as an alert and the system will send an email.
Using logging in shell scripts
You can add entries to the Maintenance->Log page and create alerts that will trigger email notifications.
The command for that is
Code:
zylogger -s source -p priority -f facility logstring...
Code:
zylogger -s 31 -p 1 -f 0 Alert message test
Code:
zylogger -s 31 -p 6 -f 0 Info message test
I did not find any documentation for this, but with some experimenting I found out how to use it.
The source parameter specifies the class that is shown on the log page.
The values that produce an entry in the log are listed below.
Code:
0 default
1 content-filter
2 content-filter-forward
3 user
4 myzyxel-dot-com
5 zysh
6 idp
9 file-manage
10 app-patrol
11 ike
12 ipsec
13 firewall
14 sessions-limit
16 policy-route
18 system
19 connectivity-check
20 device-ha
21 routing-protocol
22 nat
23 pki
24 interface
25 account
26 port-grouping
27 force.auth
28 storage
29 share
30 application
31 backup
32 autoupload
33 action-log
priority (Severity):
Code:
0 emerg
1 alert
2 crit
3 error
4 warn
5 notice
6 info
I will be happy to hear if anyone has more information.
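Added example, not part of the original post: a variant of the enable_emailTLS.sh script from the first section that can run more than once without stacking duplicate blocks and that creates the temporary file with mode 0600, since /etc/msmtprc holds the mail password. The function name, the marker comment and the optional CA-bundle argument are assumptions; when a readable bundle is given it turns certificate checking on, because `tls_certcheck off` leaves the connection encrypted but the server unverified.

```shell
#!/bin/sh
# Added example, not the original poster's script.
# Hypothetical names: prepend_tls_defaults, MARKER, the ca_bundle argument.
# The msmtp settings written below are real msmtp options.

MARKER='# enable_emailTLS defaults'

prepend_tls_defaults() {
    conf=$1          # msmtp config file (/etc/msmtprc on the NAS)
    ca_bundle=$2     # optional: path to a CA certificate bundle

    [ -f "$conf" ] || return 1

    # Already patched since the firmware last rewrote the file: do nothing.
    if grep -qxF "$MARKER" "$conf"; then
        return 0
    fi

    old_umask=$(umask)
    umask 077        # temp file is 0600 from the moment it is created
    tmp="$conf.tmp.$$"
    {
        echo "$MARKER"
        echo "defaults"
        echo "port 465"
        echo "tls on"
        echo "tls_starttls off"
        if [ -n "$ca_bundle" ] && [ -r "$ca_bundle" ]; then
            # Verify the mail server's certificate against the bundle.
            echo "tls_certcheck on"
            echo "tls_trust_file $ca_bundle"
        else
            # Same behaviour as the original script: no server verification.
            echo "tls_certcheck off"
        fi
        cat "$conf"
    } > "$tmp" && mv "$tmp" "$conf"
    rc=$?
    umask "$old_umask"
    return $rc
}
```

To use it from the @reboot cron entry, end the script with a call such as `prepend_tls_defaults /etc/msmtprc`, adding the bundle path as a second argument if the NAS has one.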